FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-22 13:24:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f9f5c5a2-17b5-11e8-90b8-001999f8d30b	asterisk and pjsip -- multiple vulnerabilities The Asterisk project reports: AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description. AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid). Discovery 2018-02-21 Entry 2018-02-22 asterisk13 < 13.19.2 pjsip < 2.7.2 pjsip-extsrtp < 2.7.2 https://downloads.asterisk.org/pub/security/AST-2018-002.html https://downloads.asterisk.org/pub/security/AST-2018-003.html
92ad12b8-ec09-11eb-aef1-0897988a1c07	pjsip -- Race condition in SSL socket server pjsip reports: There are a couple of issues found in the SSL socket: A race condition between callback and destroy, due to the accepted socket having no group lock. SSL socket parent/listener may get destroyed during handshake. Discovery 2021-07-23 Entry 2021-07-23 pjsip < 2.11.1 CVE-2021-32686 https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr

VuXML ID

Description

f9f5c5a2-17b5-11e8-90b8-001999f8d30b

asterisk and pjsip -- multiple vulnerabilities

The Asterisk project reports:

AST-2018-002 - By crafting an SDP message with an invalid media format description Asterisk crashes when using the pjsip channel driver because pjproject's sdp parsing algorithm fails to catch the invalid media format description.

AST-2018-003 - By crafting an SDP message body with an invalid fmtp attribute Asterisk crashes when using the pjsip channel driver because pjproject's fmtp retrieval function fails to check if fmtp value is empty (set empty if previously parsed as invalid).

Discovery 2018-02-21
Entry 2018-02-22
asterisk13

< 13.19.2

pjsip

< 2.7.2

pjsip-extsrtp

< 2.7.2

https://downloads.asterisk.org/pub/security/AST-2018-002.html
https://downloads.asterisk.org/pub/security/AST-2018-003.html

92ad12b8-ec09-11eb-aef1-0897988a1c07

pjsip -- Race condition in SSL socket server

pjsip reports:

There are a couple of issues found in the SSL socket:

A race condition between callback and destroy, due to the accepted socket having no group lock.

SSL socket parent/listener may get destroyed during handshake.

Discovery 2021-07-23
Entry 2021-07-23
pjsip

< 2.11.1

CVE-2021-32686
https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr